Internet Draft


HTTP Working Group                                      J. Mogul, DECWRL
Internet-Draft                                         12 September 1997
Expires: 28 March 1998


          Format and Example of HTTP/1.1 Requirements Summary

                     draft-mogul-http-req-sum-00.txt


STATUS OF THIS MEMO

        This document is an Internet-Draft. Internet-Drafts are
        working documents of the Internet Engineering Task Force
        (IETF), its areas, and its working groups. Note that other
        groups may also distribute working documents as
        Internet-Drafts.

        Internet-Drafts are draft documents valid for a maximum of
        six months and may be updated, replaced, or obsoleted by
        other documents at any time. It is inappropriate to use
        Internet-Drafts as reference material or to cite them other
        than as "work in progress."

        To learn the current status of any Internet-Draft, please
        check the "1id-abstracts.txt" listing contained in the
        Internet-Drafts Shadow Directories on ftp.is.co.za
        (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific
        Rim), ds.internic.net (US East Coast), or ftp.isi.edu (US
        West Coast).

        Distribution of this document is unlimited.  Please send
        comments to the HTTP working group at
        .  Discussions of the working
        group are archived at
        .  General
        discussions about HTTP and the applications which use HTTP
        should take place on the  mailing list.


ABSTRACT

        RFC1122 [1] introduced a ``Requirements Summary'' format,
        to help implementors understand what aspects of a lengthy
        specification were mandatory, recommended, or optional.
        The HTTP/1.1 specification is similarly lengthy and
        complicated; many implementors have asked for guidance in
        understanding what they need to do.  The latest draft
        revision of the HTTP/1.1 specification [2] has a
        placeholder section for a ``Requirements Summary'', but
        there has been relatively little discussion of the format
        and content of this summary in the HTTP working group.
        This document proposes a specific format for the summary,
        and gives an example summary for one section of the
        document.
Mogul                                                           [Page 1]

Internet-Draft         HTTP requirements summary 12 September 1997 17:27


                           TABLE OF CONTENTS

1 Introduction                                                         2
2 Categorizing implementations                                         2
     2.1 Introductory material for Requirements Summary                3
3 DRAFT Requirements summary for Section 13: Caching                   4
4 Security Considerations                                              7
5 Acknowledgments                                                      7
6 References                                                           7
7 Author's address                                                     7


1 Introduction

   RFC1122 [1] introduced a ``Requirements Summary'' format, to help
   implementors understand what aspects of a lengthy specification were
   mandatory, recommended, or optional.  The HTTP/1.1 specification is
   similarly lengthy and complicated; many implementors have asked for
   guidance in understanding what they need to do.  This is especially
   important because there are several kinds of HTTP/1.1 implementations
   (including server, proxy, and client, with or without caches).  Many
   aspects of the specification apply only to a subset of these
   implementation categories, which means that someone implementing,
   say, an HTTP client must disentangle the client-specific requirements
   from the (client-irrrelevant) requirements for servers and proxies.

   The latest draft revision of the HTTP/1.1 specification [2] has a
   placeholder section for a ``Requirements Summary'' (section 19.9).
   but there has been relatively little discussion of the format and
   content of this summary in the HTTP working group.  What little
   discussion has taken place has been mostly positive, but there are
   some concerns about how the implementations are categorized.

   This document proposes a specific format for the summary, and gives
   an example summary for one section of the document.


2 Categorizing implementations

   We would like to design the format of the Requirements Summary so
   that it is readable even in the plain-ASCII version of the HTTP/1.1
   specification, since this is the ``official'' version of an IETF
   specification.  This places some constraints on the number of columns
   in the format, which in turn constrains the number of categories that
   can be comfortably included.

   Although at first glance, there might appear to be at least six
   different implementation categories (server, proxy, client, each with
   or without a cache).  However, in many sections of the HTTP
   specification, caching is irrelevant.  For many other features, it is
   fairly obvious whether the feature applies to a cache or not.

Mogul                                                           [Page 2]

Internet-Draft         HTTP requirements summary 12 September 1997 17:27


   Therefore, we propose a format where the applicability of a
   requirement to an caching implementation is signalled by a footnote,
   rather than expanding the number of columns to six.

   One possible implementation of this format would be as a spreadsheet,
   using a portable representation (such as ``comma separated values'').
   The use of a spreadsheet would allow separate editing of the
   requirements summary, followed by semi-automatic insertion into the
   master copy of the HTTP/1.1 specification.  It might also allow
   semi-automatic extraction of subset requirements application to
   specific kinds of implementations.

2.1 Introductory material for Requirements Summary
   [This is repeated more or less verbatim from section 19.9 of [2], for
   the benefit of the reader.]

   This section summarizes the requirements of the HTTP/1.1
   specification.  (Requirements are those aspects of the protocol
   defined with the words "MUST", "SHOULD", or "MAY.")

   This list is not a normative part of the HTTP/1.1 specification, and
   if there is any conflict between this listing and another part of the
   specification, the statements elsewhere in the specification take
   absolute priority.

   Requirements are listed in the order that they appear in the the
   specification.  For each requirement, the list includes

      - a very brief summary of the feature; this is meant for
        identification purposes only, and must not be used as a
        specification of the feature.

      - the section of the document in which the feature is
        specified.

      - A column for each of three categories of implementation
        (Server, Proxy, and Client), showing whether the listed
        feature is a MUST, SHOULD, or MAY requirement.

      - A column for additional footnotes Note that some aspects of
        the protocol may be specified in multiple sections in
        separated part of the document.

   In order to fit into the standard IETF format for ASCII text
   documents, some of the column headings, and the requirement keywords,
   are abbreviated.

   [End of extract from [2].]

   Key for column headings:
     Srvr =  Server

Mogul                                                           [Page 3]

Internet-Draft         HTTP requirements summary 12 September 1997 17:27


     Prox =  Proxy
     Clnt =  Client

   Key for requirements keywords:
      M =    MUST
      MN =   MUST NOT
      S =    SHOULD
      SN =   SHOULD NOT
      ok =   MAY
      na =   Not applicable

   Some entries are listed as ``MUST NOT'' or ``SHOULD NOT'' even if the
   feature summary seems to indicate a ``MUST'' or ``SHOULD''.  The
   entries reflect the words from the actual spec, rather than the
   feature summary.  I.e., the feature summary wording is only to help
   the reader find the appropriate passage; it is in no way a definitive
   description of the requirement!


3 DRAFT Requirements summary for Section 13: Caching

      The following table has NOT been carefully proofread; it
      probably contains errors.  Please do not base an implementation
      on this version of the summary!

      There is at least one bogus entry that has been inserted into
      the following table, to encourage careful proofreading.

   For section 13 (Caching), almost all of the requirements that apply
   to proxies apply only to caching proxies.  A few requirements do also
   apply to non-caching proxies; this is noted where applicable.

   Notes:
     1   Cache rule applies to client-local caches as well as proxy
         caches.

     2   Rule applies to non-caching proxies.

     98  No explicit upper-case conformance requirement stated in [2],
         perhaps not actually a conformance requirement.

     99  No explicit upper-case conformance requirement stated in [2]

   Feature summary                         Section Srvr Prox Clnt Note
   ===============                         ======= ==== ==== ==== ====

   Meets cache correctness rules 1-3       13.1.1   na   M    M   1
   If server unreachable, follow rules 1-3 13.1.1   na   S    S   1
    ditto, or return error/warning         13.1.1   na   M    M   1
   Forward initially-stale response        13.1.1   na   S    S   1, 2
   Don't revalidate initially-stale resp   13.1.1   na   SN   SN  1

Mogul                                                           [Page 4]

Internet-Draft         HTTP requirements summary 12 September 1997 17:27


   Display warning on received-stale resp  13.1.1   na   na   ok

   Delete MUST-delete warning after reval  13.1.2   na   M    M   1
   Keep MUST-keep warning after reval      13.1.2   na   M    M   1

   Attach Warning to stale response        13.1.5   na   M    na
   Obey client request for freshness       13.1.5   na   S    na

   Revalidate init-stale cached response   13.2.1   na   S    S   1

   Comply with Age calculation algorithm   13.2.3   na   M    M   1,2,99
   Interpret Age rel. to initiation time   13.2.3   na   M    M   1

   max-age overrules Expires               13.2.4   na   M    M   1, 99
   Use heuristic if no Expires or max-age  13.2.4   na   ok   ok  1
   Warn if heuristic & Age > 24 hours      13.2.4   na   M    M   1, 99
   Base heuristic on Last-Mod time         13.2.4   na   S    S   1
   Freshness test based on age             13.2.4   na   M    M   1, 99

   Ignore new response with older Date     13.2.5   na   ok   ok  1
   Use response with most recent Date      13.2.5   na   M    M   1
   Re-revalidate when new resp seems old   13.2.6   na   S    S   1
   Don't expect disambiguation for = Dates 13.2.6   MN   na   na

   Weak comparison for non-subrange reqs   13.3.3   ok   ok   na
   Strong comparison for subrange/non-GET  13.3.3   M    M    na
   Last-modified implicitly weak           13.3.3   M    M    M   99

   Strong etag changes always              13.3.4   M    na   na
   Weak etag changes when 'significant'    13.3.4   S    na   na
   Use etag in conditionals, if available  13.3.4   na   M    M
   Use Last-Modified, if avail & no etag   13.3.4   na   S    S
    ditto, with subrange reqs              13.3.4   na   ok   ok
   Disable use of Last-Mod w/subranges     13.3.4   na   na   S   99
   Use both Last-Mod & etag, if avail      13.3.4   na   S    S
   Use most restrictive validator          13.3.4   na   M    M   1

   Validate only w/etag or Last-Modified   13.3.5   M    M    M   98

   Responses normally cachable             13.4     na   ok   ok  99
   HTTP/1.0 responses not cachable         13.4     na   MN   MN  1
   No validator/expires/max-age ->no cache 13.4     na   S    S   99
    ditto unless unusual situation         13.4     na   ok   ok  99
   Cachable status codes are
    200, 203, 206, 300, 301, 410           13.4     na   ok   ok  99
   Cache 206 only if ranges supported      13.4     na   MN   MN  1
   Other status codes w/out explict perm   13.4     na   MN   MN  1

   Don't add or modify Content-Location,
     Content-MD5, or Etag                  13.5.2   na   MN   na  2
   Don't modify Expires, Content-Length    13.5.2   na   MN   na  2

Mogul                                                           [Page 5]

Internet-Draft         HTTP requirements summary 12 September 1997 17:27


   Added Expires = Date                    13.5.2   na   M    M   2
   Added Content-Length is accurate        13.5.2   na   M    na  2
   If no-transform, don't add
    Content-Encoding, Content-Length,
    Content-Range, Content-Type            13.5.2   na   MN   na  2
   Add Warning if adding
    Content-Encoding, Content-Length,
    Content-Range, Content-Type            13.5.2   na   M    na  2

   Combine partial resps                   13.5.3   na   ok   ok  1
   Delete 1XX Warnings on revalidate       13.5.3   na   M    M   1
   Keep 2XX Warnings on revalidate         13.5.3   na   M    M   1
   304/206 hdrs update cache entry         13.5.3   na   M    M   1
   End-to-end hdrs update cache entry      13.5.3   na   M    M   1

   Combined subranges: validators match    13.5.4   na   M    M   1
   Combined subranges: strong validators   13.5.4   na   M    M   1
   Otherwise: use most recent partial resp 13.5.4   na   M    M   1, 99

   Use Vary to list selecting req hdrs     13.6     M    na   na
   New req hdrs match Vary on cache use    13.6     na   M    M   1
   Forward non-matching requests           13.6     na   M    M   1
   Forwarded req conditional if have Etag  13.6     na   S    S   1
   Resp updates entry if tags match        13.6     na   S    S   1
   Forward new response                    13.6     na   M    na
   Vary * means forward new reqs           13.6     na   MN   MN  1
   Omit Etag on conditional req and
    partial cache entry                    13.6     na   SN   SN  1
   Delete entry if URI matches
    Content-Location on newer resp and
    Etags don't match                      13.6     na   SN   SN  1

   Provide security for non-shared caches  13.7     S    S    S   1

   Store incomplete response               13.8     na   ok   ok  1, 99
   Incomplete resp. is partial             13.8     na   M    M   1
   Mark all partial resps. as such         13.8     na   M    M   1
   Don't use 200 with partial resp.        13.8     na   MN   MN  1
   Forward 5xx response                    13.8     na   ok   na  2
   Treat 5xx like dead server              13.8     na   ok   na

   GET/HEAD: no side effects               13.9     SN   na   na

   PUT,DELETE,POST invalidate entries      13.10    na   S    S   98
   Match host if invalidating by URI       13.10    na   M    M   1

   Write-through all updates               13.11    na   M    M   1

   Use latest response                     13.12    na   S    S   1

   History not transparent                 13.13    na   na   SN

Mogul                                                           [Page 6]

Internet-Draft         HTTP requirements summary 12 September 1997 17:27


   Expires no effect on history            13.13    na   na   ok  98
   History can indicate staleness          13.13    na   na   ok  98






4 Security Considerations

   This document only summarizes the specification in [2], it does not
   introduce any new features to HTTP.  Therefore, there are no security
   considerations particular to the requirements summary itself.


5 Acknowledgments

   T.B.S.


6 References

   1.  R. Braden.  Requirements for Internet Hosts -- Communication
   Layers.  RFC 1122, Internet Engineering Task Force, October, 1989.

   2.  Roy T. Fielding, Henrik Frystyk Nielsen, and Tim Berners-Lee.
   Hypertext Transfer Protocol -- HTTP/1.1.  Internet-Draft
   draft-ietf-http-v11-spec-08.txt, HTTP Working Group, September?,
   1997. [As of this writing, this document has not been assigned an
   actual Internet-Draft name/number; however, it is available on the
   Web at
   www.ics.uci.edu/pub/ietf/http/draft-ietf-http-v11-spec-08.txt.gz and
   is widely known as ``draft-08''].


7 Author's address

   Jeffrey C. Mogul
   Western Research Laboratory
   Digital Equipment Corporation
   250 University Avenue
   Palo Alto, California, 94305, USA
   Email: mogul@wrl.dec.com









Mogul                                                           [Page 7]